Slovakian users have been subjected to a malicious campaign in which phishing operators leverage legitimate services and brands to evade security controls.
Using Smart links, a LinkedIn Premium feature abused by the threat actor to direct users to a phishing page for harvesting credit card information. The link is embedded in an email purportedly from the Slovakian Postal Service and is a legitimate LinkedIn URL, so secure email gateways and other filters are often unlikely to block it.
The email asks the recipient to pay a some amount of money for a package that is apparently pending shipment to them. Users tricked into clicking on the link arrive at a page designed to appear like one the postal service uses to collect online payments. But the truth is Users end up giving away their entire payment card details to the phishing operators as well.
LinkedIn’s Smart Links is a marketing feature that lets users who are subscribed to its Premium service direct others to content the sender want them to see. The feature allows users to use a single LinkedIn URL to point users to multiple marketing collateral such as documents, Excel files, PDFs, images, and webpages.
Recipients receive a LinkedIn link that, when clicked, redirects them to the content behind it. This feature allows users to get relatively detailed information on who might viewed the content, how they might have interacted with it, and other details.
The growing use by attackers of legitimate software-as-a-service and cloud offerings such LinkedIn, Google Cloud, AWS, and numerous others to host malicious content or to direct users to it, is one reason why phishing remains one of the primary initial access vectors.